SigmaHQ / sigma

Main Sigma Rule Repository

New Rule: win_security_gpo_startup_script.yml #5001

Closed joshnck closed 3 weeks ago

joshnck commented 3 weeks ago

Summary of the Pull Request

New Rule for Startup or Logon Script Added to Group Policy Object as per https://www.elastic.co/guide/en/security/current/startup-logon-script-added-to-group-policy-object.html

Changelog

new: Startup/Logon Script Added to Group Policy Object

Example Log Event

N/A

Fixed Issues

N/A

SigmaHQ Rule Creation Conventions